100% of cybersecurity audits conducted by PwC in 2021 show risks related to a lack of security in Active Directory management.
On average, PwC experts estimate that it takes two and a half years to conduct an Active Directory remediation plan within a large enterprise.
Active Directory is a mainstream Microsoft technology used by enterprises to manage user accounts and network access. Its central role makes it a prime target for hackers seeking to gain access to sensitive information and potentially disrupt business operations. Most ransomware attacks rely on the compromise of privileged accounts, and espionage groups exploit Active Directory configuration flaws to access data or persistently penetrate corporate networks. Our Identity and Access Management Monitoring solution enables you to address these challenges.
Benefits of Identity and Access Management Monitoring
Continuous monitoring of changes in the security architecture of the Active Directory.
Automated collection of your server and workstation configurations.
Review of the level of compliance of your Microsoft security environment with the ANSSI guide.
Holistic view of the risks in your Microsoft environment.
Recognized expertise to help you prioritize the most critical and vulnerable areas of your IS and implement actionable remediation plans.
Identity and Access Management Monitoring differs from the other solutions on the market as it goes further in its technical analysis and really makes it possible to solidify AD foundations with regard to security good practices and the checks recommended by the ANSSI. Our tool allows you to follow the evolution of your AD's remediation and keep pace with the changes that could alter the AD's level of maturity. Therefore, Identity and Access Management Monitoring allows you to keep control of the context of your AD at all times and manage the remediations that address identified vulnerabilities.
Jean-Bernard Rambaud, Partner Cyber Intelligence, PwC France et Maghreb
- Number of endpoints covered: 1,000
- Number of domains covered: 1
- Number of iterations (vulnerability assessment & remediation support): 1 / month
- Remediation support workshops: 1 / month
- Highlighting of AD bad practices (e.g. Privilege, AD Group)
- Endpoint analysis (services, processes, scheduled tasks, drivers, AV, local administrators)
- Analysis of compliance with the ANSSI guide
- Remediation plan
- Difference between the different reviews
- Detailed report
- Number of endpoints covered: 3,000
- Number of domains covered: up to 3
- Number of iterations (vulnerability assessment & remediation support): up to 2 / month
- Remediation support workshops: up to 2 / month
- Highlighting of AD bad practices (e.g. Privilege, AD Group)
- Endpoint analysis (services, processes, scheduled tasks, drivers, AV, local administrators)
- Analysis of compliance with the ANSSI guide
- Remediation plan
- Difference between the different reviews
- Detailed report
- Managerial report
- Number of endpoints covered: 10,000
- Number of domains covered: up to 10
- Number of iterations (vulnerability assessment & remediation support): up to 3 / month
- Remediation support workshops: up to 3 / month
- Highlighting of AD bad practices (e.g. Privilege, AD Group)
- Endpoint analysis (services, processes, scheduled tasks, drivers, AV, local administrators)
- Analysis of compliance with the ANSSI guide
- Remediation plan
- Difference between the different reviews
- Detailed report
- Managerial report
F.A.Q
How does the continuous monitoring of the Microsoft environment work?
Our teams use the ISARS tool to collect data on all the components of your environment (Active Directory, workstations, servers). This information is then analyzed against a set of security controls and best practices, including those promulgated by the ANSSI. Once the analysis is done, our teams sort, analyze and prioritize the results in order to provide you with clear and actionable recommendations, and assist your operational teams in implementing remediation actions.
Do you have any examples of security checks performed?
- Ensure that the last accounts created on the domain have been validated and archived
- Review the password policy and ensure that it complies with best practices
- Ensure that accounts not used for at least 90 days are disabled or deleted
- Review whether network shares are readable and writable by everyone and whether they contain potentially risky data
- Ensure that passwords are not trivial
- Ensure that all computers have an up-to-date and active antivirus program
What types of data are collected to monitor your Active Directory?
- Antivirus/EDR deployment status
- User account information
- Security patch deployment level
- Network interface information
- Password strength level
- Access to network shares